CVE-2010-1822Incorrect Type Conversion or Cast in Apple Safari

CWE-704Incorrect Type Conversion or Cast5 documents4 sources
Severity
8.8HIGHNVD
EPSS
4.1%
top 11.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple SafariGoogle ChromeOpensuse
Timeline
PublishedOct 4
Latest updateMay 13

Description

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDapple/safari5.05.0.3+1
NVDgoogle/chrome< 6.0.472.62
NVDopensuse/opensuse11.2, 11.3+1

🔴Vulnerability Details

1
GHSA
GHSA-whwc-x4m2-68jw: WebKit, as used in Apple Safari before 42022-05-13

📋Vendor Advisories

1
Red Hat
WebKit: DoS (crash) by processing certain SVG images2010-09-17

💬Community

2
Bugzilla
CVE-2010-1822 WebKit: DoS (crash) by processing certain SVG images [fedora-all]2010-10-22
Bugzilla
CVE-2010-1822 WebKit: DoS (crash) by processing certain SVG images2010-10-05